State of Email Security for 2019

Email has been an irreplaceable blessing and a cruel curse to the cybersecurity of business over the years. Email connects the employees as well as the rest of the world. However, because email connects employees to the rest of the world, email has also come to be the largest vulnerability of any organization. In fact, recent studies report that 94% of companies will experience an email-related malicious attack.

These attacks are generally phishing attacks such as emails requesting money transfers and fraud based attacks such as impersonation of third party vendors. Email is the easiest point of contact for other users, external or internal, to interact with employees and attempt malicious attacks. Reasons for improving email security are endless and companies are looking for solutions to remedy potential vulnerabilities in their systems.

Vulnerabilities are Increasing

The amount of email-based attacks towards a company has consistently seen a rise in recent years. As the world moves further and further along with the use of the internet and emails, this trend isn’t likely to see any change. IT departments are finding it increasingly difficult to protect the company and increase email security. In fact, 61% of businesses believe that they will likely or inevitably suffer an email-borne attack.

Companies are continuing to promote email safety protocols and educate employees on the proper usage of email.

Through these efforts, they hope to minimize security risks and improve vulnerability management. However, while these efforts to increase employee ability to spot cyber attacks have increased, only 25% of companies are providing training to actively increase email security. This training is commonly in the form of group sessions or informative videos. Some companies even go as far as having one on one sessions with employees to ensure that they understand the risk involved in email and that they keep the company safe while using it.

Effects of Attacks on Businesses

Many of these email-borne attacks have had direct effects on the functioning and profits of the organization. Specifically for email-based impersonation attacks, organizations have reported that:

13% lost their position in the market

26% loss of reputation

27% had to cut back on employee numbers

28% lost customers

29% experienced direct financial loss

39% experienced data loss

While 25% reported that they experienced no loss because of an impersonation email attack, this doesn’t mean that they didn’t suffer losses from some other form of attack. The chances are high that they did.

More to Email Security Than Just Outside Threats

There’s more to email security than simply malicious user attacks. There are also human errors involved. 31% of C-suite level(CFO, CEO, CTO) employees have reported to had sent sensitive data to the wrong person. If this information is incorrectly sent to a fellow employee, the situation may not be so bad. However, if the wrong information is sent outside of the company, there is a chance that the information can be used to harm the company. Roughly 40% of employees at a given organization believes that the CEO undervalues the impact of email security.

C-suite level members of an organization are also the target of most cyber criminals. As C-suite level members often hold valuable information and have authorization to much of the company, cyber criminals highly target these individuals because they can profit the most from them. C-suite level employees, just as much as normal level employees, need to become better educated on email security.